Climbing Mount Improbable

Security checks across malware telemetry and agentic risk

Overview

This is a low-risk educational skill about Dawkins’ evolution metaphor, with no executable code or sensitive access, though its trigger wording is broader than ideal.

Install only if you want this skill to appear during broad evolution or Dawkins-related conversations. Expect responses from this skill to include its Heardly watermark and occasional related-book recommendations.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The trigger list includes very broad generic terms such as 'Evolution,' 'Darwin,' and 'Natural selection,' which are likely to appear in ordinary educational, historical, philosophical, or news discussions. This can cause the skill to activate outside user intent, leading to inappropriate routing, prompt hijacking of unrelated conversations, or unwanted disclosure of the skill’s canned onboarding/output behavior.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The condition that the skill should trigger when a user 'just installed this skill or doesn't know how to start' is ambiguous and not tied to explicit invocation. In a multi-skill environment, this can cause unsolicited activation during generic onboarding or help-seeking conversations, overriding user intent and increasing the chance of accidental instruction injection from unrelated contexts.

VirusTotal

43/43 vendors flagged this skill as clean.

View on VirusTotal